[tor-bugs] #9456 [Tor bundles/installation]: TorBrowser bundle leak "local" information on when it was last used
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 12 11:45:52 UTC 2013
#9456: TorBrowser bundle leak "local" information on when it was last used
--------------------------------------+-------------------------------------
Reporter: naif | Owner: erinn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
TorBrowser bundle leak "local" information on when it was last used .
This is because the local filesystem keep MAC (modified, access, creation)
time.
It means that from a forensic analyst perspective it will be always
possible to identify which is the last time the TorBrowser has been
started (and probably when it has been closed) by carefully looking at the
"atime" attribute of the filesystem in the directory where TBB is stored.
To fix this issue the TBB, on start and on close, should reset the "atime
attribute" of all the files and directory where it is stored.
This can be done on all major filesystem with proper programming API
(FAT32, NTFS, HFS, Ext4, etc) .
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9456>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list